fix(mcp): isolate OAuth request headers

[rekram1-node]

Summary

• patch MCP SDK 1.29 transports so resource requestInit.headers are used only for MCP resource requests, never OAuth PRM/authorization-server discovery, dynamic registration, token exchange, or refresh
• make generated transport headers case-insensitively replace configured values, preventing duplicate Authorization fields while preserving custom MCP resource headers
• treat configured static Authorization as mutually exclusive with OAuth in connection, explicit auth, and debug paths

Related issues

• Related to [FEATURE]: Full MCP client capabilities #28567, the master MCP client capabilities tracker
• Related to The mcp auth and mcp debug don't send configured headers during OAuth flow #20286, which introduced configured-header forwarding into MCP auth/debug paths and exposed the boundary corrected here
• Related to Remote MCP with custom headers returning 401 Unauthorized despite oauth: false #30428, which requires static custom headers to remain on MCP resource requests when OAuth is disabled
• Related to Remote MCP transport overrides user-configured Accept header #31320, which covers precedence between configured and transport-generated MCP headers
• Related to [FEATURE]: add dynamic MCP headersHelper support for remote authentication #27161, the dynamic remote MCP authentication-header proposal, which must preserve this origin boundary
• Related to [FEATURE]: add mcp.call.before plugin hook for per-call MCP request headers (e.g. sessionID forwarding) #28225, the per-call MCP resource-header proposal, which must likewise exclude OAuth-owned requests

Security boundary

MCP resource headers may contain tenant credentials or other origin-scoped secrets. SDK 1.29 wrapped OAuth fetches with the complete resource requestInit, allowing those headers to cross from the MCP resource origin to separately hosted protected-resource metadata, authorization server, registration, and token endpoints. The local SDK patch retains non-header request options for compatibility but removes resource headers from every OAuth-owned fetch. OAuth-generated metadata headers and client authentication remain intact.

Compatibility

• all configured headers continue to reach Streamable HTTP and SSE resource requests
• static Authorization continues to authenticate the MCP resource, but no OAuth provider is installed for that configuration
• OAuth bearer tokens replace any same-name resource header case-insensitively rather than combining values
• existing auth and debug flows remain unchanged for configurations without static Authorization

Tests

• bun test test/mcp/oauth-header-isolation.test.ts
• bun test test/mcp/headers.test.ts
• bun typecheck from packages/opencode

The integration coverage uses real loopback servers on ephemeral ports with distinct origins and no mocks, sleeps, or timers. It covers PRM and authorization-server discovery, DCR, authorization-code exchange, refresh, mixed-case Authorization, resource canaries, and exactly one OAuth Basic client-auth header.